Automated Teller Machines (ATMs) are widely used for banking transactions and handle large amounts of cash and sensitive customer information. Because of this, ATMs and the systems that support them are frequent targets for criminal activities. ATM fraud includes a variety of techniques used to steal money, card information, or customer credentials. Over the years, criminals have developed both simple and highly sophisticated methods to exploit ATM systems, while banks and ATM manufacturers have continuously introduced new security measures to prevent such fraud.
Many ATMs also display security warning messages reminding customers to remain alert and check for signs of tampering before using the machine.
Early ATM Fraud
One of the earliest known cases of a fake ATM occurred in 1993 at a shopping mall in Manchester, Connecticut, USA.
Criminals modified the internal components of a Fujitsu Model 7020 ATM, creating a fraudulent machine that secretly collected the information stored on customers’ bank cards. This information was later used for unauthorized financial transactions.
This incident demonstrated that criminals could manipulate ATM hardware itself rather than attacking only the banking network.
ATM Configuration Fraud
Another form of ATM fraud involves manipulating the machine’s internal configuration.
In 2006, an incident reported in Virginia Beach, USA, involved a hacker who reportedly obtained the factory-default administrator password for a white-label ATM installed at a petrol station.
After gaining administrative access, the attacker altered the ATM’s software configuration so that the machine believed it was dispensing US$5 banknotes instead of US$20 banknotes.
As a result, both the attacker and several later customers received four times more cash than was deducted from their bank accounts.
This example illustrates how unauthorized access to ATM administration systems can lead to significant financial losses.
Stand-In Processing Fraud
ATMs normally communicate with the bank’s central database before approving a transaction.
However, during certain situations such as database maintenance or temporary communication failures, the ATM network may operate in Stand-In Mode.
During this period, the ATM cannot verify the customer’s current account balance. To ensure continued customer access to cash, the bank may allow withdrawals up to a predetermined emergency limit.
If customers intentionally withdraw more money than is actually available in their accounts during Stand-In Mode, fraudulent overdrawing may occur.
Card Fraud
One of the most common forms of ATM fraud involves the theft or unauthorized copying of customers’ ATM cards and Personal Identification Numbers (PINs).
Criminals use both simple and advanced techniques to obtain this information.
Card Theft
The simplest form of ATM fraud is the physical theft of a customer’s ATM card along with knowledge of the customer’s PIN.
To reduce the risk of criminals observing customers entering their PIN, many banks provide privacy zones or floor markings that encourage users to stand in positions where the keypad is less visible to others.
Lebanese Loop
A well-known card theft technique is called the Lebanese Loop.
In this method, criminals secretly insert a specially designed device inside the ATM’s card reader before customers use the machine.
When the customer inserts the card, the device traps it inside the ATM so that it cannot be returned.
Believing that the machine has malfunctioned, the customer often leaves the ATM after unsuccessfully trying to recover the card.
The criminal later removes the trapped card and uses it together with the customer’s previously observed or stolen PIN to withdraw money from the account.
Although this method has been partly replaced by skimming, it has experienced renewed use in some regions where EMV chip-and-PIN cards have become common.
Mail Theft Fraud
Another relatively simple fraud method involves requesting a replacement ATM card from the bank.
If criminals can intercept the replacement card and the separately mailed PIN, they may gain unauthorized access to the customer’s account.
Card Skimming
One of the most widespread modern ATM fraud techniques is Card Skimming, also known as Card Cloning.
In this method, criminals install a fake magnetic card reader over the genuine ATM card slot.
As customers insert their cards, the hidden reader secretly copies the information stored on the card’s magnetic stripe.
At the same time, criminals capture the customer’s PIN using methods such as:
- Hidden wireless surveillance cameras
- Modified digital cameras
- Fake PIN keypads placed over the genuine keypad
The stolen card data is then transferred onto a duplicate card, allowing criminals to perform unauthorized cash withdrawals.
The availability of inexpensive wireless cameras, magnetic card readers, PIN overlays, and card-writing equipment has made card skimming a relatively low-cost and widespread form of fraud.
Common Card Fraud Techniques
| Fraud Method | Description |
|---|---|
| Card Theft | Physically stealing the customer’s ATM card. |
| Lebanese Loop | Traps the customer’s card inside the ATM for later theft. |
| Mail Theft | Stealing replacement ATM cards and PINs sent by mail. |
| Card Skimming | Copies magnetic stripe information using hidden card readers. |
| Card Cloning | Creates duplicate cards using stolen magnetic stripe data. |
Prevention of Card Cloning
To reduce the risk of card cloning, the banking industry has introduced several security technologies.
The most significant improvement has been the adoption of Smart Cards containing embedded integrated circuits (chips).
Unlike traditional magnetic stripe cards, smart cards are much more difficult to copy or duplicate.
Several smart card security systems have been developed over the years, including:
- Carte Bleue
- Visa Cash
- Mondex
- Blue (American Express)
- EMV ’96
- EMV 3.11
The most widely adopted smart card security standard today is EMV 2000 (EMV 4.x).
EMV Technology
EMV (Europay, Mastercard, and Visa) technology has become the international standard for chip-based payment cards.
It is widely used in the United Kingdom under the Chip and PIN system and has also been adopted in many other countries.
However, when a chip cannot be read, some ATMs automatically fall back to using the magnetic stripe, which is easier to copy.
Criminals have exploited this fallback feature to perform fraudulent transactions using cloned magnetic stripe cards.
To reduce this risk, several banks—particularly in the United Kingdom—have removed the magnetic stripe fallback option. If the ATM cannot successfully read the chip, the transaction is automatically declined.
MagnePrint and BluPrint Technology
Additional protection against card cloning is provided by technologies such as MagnePrint and BluPrint.
During the manufacturing of a magnetic stripe card, a unique magnetic signature is naturally created.
Specialized magnetic card readers and firmware can detect this unique signature during ATM transactions.
Since the signature cannot easily be duplicated, it provides an additional method of verifying that the card being used is genuine.
These technologies are often combined with Two-Factor Authentication (2FA) to improve transaction security.
Technologies Used to Prevent Card Fraud
| Technology | Purpose |
|---|---|
| Smart Cards (Chip Cards) | More difficult to copy than magnetic stripe cards. |
| EMV | Secure chip-based card authentication. |
| Chip and PIN | Verifies both the card and customer identity. |
| MagnePrint / BluPrint | Uses unique magnetic signatures to detect cloned cards. |
| Two-Factor Authentication (2FA) | Adds an additional layer of identity verification. |
Development of Card Cloning
The concept of copying the information stored on a magnetic stripe card was already well known within computer hacking communities by the late 1990s.
As magnetic stripe technology became more widely used, criminals developed increasingly sophisticated methods for creating duplicate ATM cards capable of performing unauthorized transactions.
Video Recording Fraud
A notable example of ATM fraud occurred in 1996, when Andrew Stone, a computer security consultant from Hampshire, United Kingdom, was convicted of stealing more than £1 million.
Stone used high-definition video cameras positioned at a considerable distance from ATMs to secretly record the details embossed on customers’ ATM cards, including:
- Card number
- Expiry date
- Other visible card information
At the same time, the cameras also recorded customers entering their PINs.
Using this information, he produced cloned ATM cards that allowed him to withdraw the maximum daily limit from multiple customer accounts.
By creating several duplicate cards for the same account, he was reportedly able to bypass normal withdrawal limits and significantly increase the amount of money stolen.
This case highlighted the importance of protecting both card information and PIN confidentiality, leading to the development of stronger ATM security measures and improved customer awareness programs.